-
Notifications
You must be signed in to change notification settings - Fork 892
wip #487
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
Check warning
Code scanning / CodeQL
DOM text reinterpreted as HTML Medium
DOM text
Uh oh!
There was an error while loading. Please reload this page.
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 28 days ago
To fix the problem, we need to ensure that any text assigned to submitButton.innerHTML
is properly escaped so that it cannot be interpreted as HTML. The best way to do this is to use textContent
instead of innerHTML
when restoring the button's original content, as textContent
will treat the value as plain text and not parse it as HTML. However, since the loading state uses HTML (a spinner SVG and markup), we need to use innerHTML
only for the loading state, and use textContent
for restoring the original button label.
Specifically, in the setAIButtonLoadingState
function:
- When restoring the button to its original state (
isLoading === false
), setsubmitButton.textContent
to the value ofdata-original-content
(or 'Ingest'). - When entering the loading state, continue to use
innerHTML
for the spinner markup.
This change should be made in the region around line 102 in src/static/js/utils_ai.js
.
This pull request has merge conflicts that must be resolved before it can be merged.
63de11e
to
c3edd62
Compare
This pull request has resolved merge conflicts and is ready for review.
This pull request has merge conflicts that must be resolved before it can be merged.
No description provided.